64 research outputs found

    Credential purpose-based access control for personal data protection in web-based applications

    Web-based applications enable users to carry out business transactions at virtually any time and place, but users are required to disclose almost all of their personal information, which results in greater risk of information disclosure. Therefore, protecting personal information is of utmost importance. Enforcing personal information protection in databases requires controlled access to systems and resources, granted only to authorized users. Traditional access control systems cannot achieve full personal data protection. Current purpose-based access control systems provide insufficient protection of personal data, especially in web-based applications. This is mainly due to the absence of user authentication in these systems and the fact that data subjects have less control over their information. This research is an effort to overcome this problem by introducing the Credential Purpose-Based Access Control (CrePBAC) system. This system implements a two-phase security model and an access control mechanism with a model and security policy implementation. The two-phase security model involves user authentication using a personal credential and data authorization based on purpose. The organization's security and privacy policies are implemented using a metadata technique in Hippocratic Databases. The metadata technique uses a data labeling scheme based on purpose and controls data access through query modification. The model and mechanism were successfully implemented. The results from the two types of case studies tested showed that the access control mechanism provides users with more rights and control over their data. In conclusion, this research has introduced a new approach to purpose-based access control, with a two-phase security model and mechanism that provides greater control for personal data protection in web-based applications.

    Analysis of Existing Privacy-aware Access Control for E-Commerce Application

    Due to the growing use of the internet, more and more critical processes, such as e-commerce, are running over the web. The internet allows commerce and business between parties who are physically distant and do not know each other. For the effective operation of web applications and e-commerce applications, security is a key issue. Various aspects of security are relevant to e-commerce, such as database security. With the availability of e-commerce, user transactions are no longer bound to the traditional office-centered environment but can be started virtually anywhere at any time. This is a move from a closed environment to an open one. In this paper, we clearly define the privacy-aware access control requirements. We also investigate a few existing access control approaches in the context of these requirements. We build assessment criteria for our comparison based on the requirements defined, which we later use as guidelines to design an access control for e-commerce applications.

    Incremental algorithm for association rule mining under dynamic threshold

    © 2019 The Authors. Published by MDPI AG. This is an open access article available under a Creative Commons licence. The published version can be accessed at the following link on the publisher’s website: https://doi.org/10.3390/app9245398 Data mining is essentially applied to discover new knowledge from a database through an iterative process. The mining process may be time consuming for massive datasets. A widely used method related to knowledge discovery domain refers to association rule mining (ARM) approach, despite its shortcomings in mining large databases. As such, several approaches have been prescribed to unravel knowledge. Most of the proposed algorithms addressed data incremental issues, especially when a hefty amount of data are added to the database after the latest mining process. Three basic manipulation operations performed in a database include add, delete, and update. Any method devised in light of data incremental issues is bound to embed these three operations. The changing threshold is a long-standing problem within the data mining field. Since decision making refers to an active process, the threshold is indeed changeable. Accordingly, the present study proposes an algorithm that resolves the issue of rescanning a database that had been mined previously and allows retrieval of knowledge that satisfies several thresholds without the need to learn the process from scratch. The proposed approach displayed high accuracy in experimentation, as well as reduction in processing time by almost two-thirds of the original mining execution time. This research was funded by University Malaya through a postgraduate research grant (PPP) grant number PG106-2015B. Published onlin

    Utilizing hippocratic database for personal information privacy protection

    In today's digital world, privacy protection for personal information has become a major element of web-based applications. Both parties involved in a web-based application transaction, whether consumer or application provider, should be assured of this privacy. Protecting privacy is always related to personal information. Personal information is a type of information that usually needs to be kept private. Because of the importance of privacy concerns today, we need to design a database system suited to privacy. Agrawal et al. introduced the Hippocratic Database. This paper explains how HDB can be a future trend for web-based applications to enhance their level of privacy and trustworthiness among internet users.

    Controlling and disclosing your personal information

    No full text
    As organizations come to rely on the collection and use of personal information in order to complete transactions and provide good services to their users, more and more personal information is being shared with web service providers, leading to the need to protect privacy. Personal information is processed, stored and disclosed, and it is often generated in the course of making a commercial exchange. Credit card numbers, individual identity numbers, purchase records, monthly income, and related types of personal information all have an important role in this commercial information system. However, this creation and use of personal information raises issues of privacy not only for the individual, but also for organizations. Easy access to private personal information causes misuse of data, loss of control over the information, and other problems. Because of this, it is important to protect the information not only from external threats but also from insider threats. Data disclosure when performing a task in a web-based application should be ensured. Within the electronic scenario, personal information has been collected, stored, manipulated and disclosed without the owner's consent. This paper discusses the relationship between personal information and its privacy. We also extend the model introduced by Al-Fedaghi as a way to control personal information disclosure. We also suggest the use of Hippocratic Database concepts as a way to control personal information disclosure.

    Personal Information and Privacy in E-Commerce Application

    No full text
    Today, the world is moving towards e-commerce applications for completing daily jobs. An e-commerce application becomes the preferred medium to complete the day's tasks. The potential for wide-ranging surveillance of all cyber activities presents a serious threat to information privacy. It has a further negative effect on personal information privacy. In any e-commerce activity, all personal information, including its disclosure, should be controlled in order to protect its privacy. This paper discusses how personal information is used in e-commerce applications and how it should be controlled.

    Privacy-preserving in web services using hippocratic database

    No full text
    Nowadays, the growth of the internet has been accompanied by the growth of web services (e.g., e-government, e-health, e-commerce). Web services collect data, especially individuals' data, from users and use them for various purposes. Sometimes, web services need to release the data they own to third parties. Because privacy is an important concern in web services, several research efforts have been devoted to addressing issues related to the development of privacy-preserving data management techniques. In [3], Agrawal et al. introduced the Hippocratic Database, incorporating privacy protection in relational database systems. In this paper, we propose the use of the Hippocratic Database to ensure privacy in web services. We use a scenario of driving license renewal by the Road Transport Department to illustrate this.

    Personal information privacy protection in e-commerce

    Today, the world is moving towards e-commerce applications for completing daily jobs. An e-commerce application becomes the preferred medium to complete the day's tasks. Electronic commerce, or e-commerce, is a potentially growing business in today's market. Basically, online shopping eliminates the conventional purchase approach, which is labor-intensive and time-consuming. Through cyberspace, an order can be placed electronically and the product will be produced and shipped with the middleman. The potential for wide-ranging surveillance of all cyber activities presents a serious threat to information privacy. It has a further negative effect on personal information privacy. In any e-commerce activity, all personal information, including its disclosure, should be controlled in order to protect its privacy. This paper discusses how personal information is used in e-commerce applications and how it should be controlled.